Searching for XSS found LDAP injection

5th Jun 2018

While searching for bugs on target website, I decided to check if it was vulnerable to blind XSS.
It turns out that the system was vulnerable to LDAP injection.

CSRF token steal in Joomla

In this post we will see how you can bypass upload filters in Joomla and deliver a payload to steal victim session token.
With a little of effort, it's possible to trick a Super User to visit a malicious page and force him to create a new Super User for us.

Weaponize Oracle Weblogic Server POC (CVE-2018-2628)

26th Apr 2018

On April 18th 2018, a Remote Command Execution vulnerability has been discosled in Oracle Weblogic Server.
At the time of this writing, there are a couple of Proof Of Concept out there, let's see how we can improve them and pop a remote shell an the victim machine.

SQL or NoSQL injection?

13th Sep 2017

Finding a SQL injection is always a joy: it's one of the most trivial vulnerability to exploit and it's very easy to provide a valid POC. However this time I was having some troubles to find a valid proof: the remote server was simply dropping the connection with a 500 error.
To complete the task I had to think about the box and take a look at the big picture.

How to crawl the web

26th Jul 2017

I usually work with CMS and, from time to time, there's the same old question: what's their marketshare? Joomla claims to be the 2%, WordPress something around 27%. Is there a way to get some solid data and fix this issue once and for all?
Well, the answer is simple: let's crawl the web and count how many sites are using a specific technology.